imminent | 0b42161e889ed181ad0b0a7b0240208cf10c23452b33f170c60734a5ab52b2af | Triage

Submit
Reports

Overview

overview

Static

static

0b42161e88...af.exe

windows7-x64

0b42161e88...af.exe

windows10-2004-x64

Sharing

General

Target

0b42161e889ed181ad0b0a7b0240208cf10c23452b33f170c60734a5ab52b2af
Size

2.3MB
Sample

221029-lnn65sbhaj
MD5

1acd748077b01272fc18ca9a1271c7b0
SHA1

b2c7fce642fd06ec9122021ee43a9ca593914cc3
SHA256

0b42161e889ed181ad0b0a7b0240208cf10c23452b33f170c60734a5ab52b2af
SHA512

b7396be5df422911ba28b5ee04c3b2b2d691f3dde074a9af897be9041aa1b4798842f862e9420d3734dbb49caab947b91dd4cbaa5a089819d60b35a01ae39a72
SSDEEP

49152:xpymeCZZQYiMg6+vf8YfogWyxSQtrbXFLO6W4mAeEAGnpfBDb:xpyEZQ6c0Imy0UfVLOYm0nR5b

Score

10^/10

imminent persistence spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

0b42161e889ed181ad0b0a7b0240208cf10c23452b33f170c60734a5ab52b2af.exe

Resource

win7-20220812-en

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

0b42161e889ed181ad0b0a7b0240208cf10c23452b33f170c60734a5ab52b2af.exe

Resource

win10v2004-20220812-en

imminent persistence spyware trojan

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  0b42161e889ed181ad0b0a7b0240208cf10c23452b33f170c60734a5ab52b2af
- Size
  
  2.3MB
- MD5
  
  1acd748077b01272fc18ca9a1271c7b0
- SHA1
  
  b2c7fce642fd06ec9122021ee43a9ca593914cc3
- SHA256
  
  0b42161e889ed181ad0b0a7b0240208cf10c23452b33f170c60734a5ab52b2af
- SHA512
  
  b7396be5df422911ba28b5ee04c3b2b2d691f3dde074a9af897be9041aa1b4798842f862e9420d3734dbb49caab947b91dd4cbaa5a089819d60b35a01ae39a72
- SSDEEP
  
  49152:xpymeCZZQYiMg6+vf8YfogWyxSQtrbXFLO6W4mAeEAGnpfBDb:xpyEZQ6c0Imy0UfVLOYm0nR5b
Score

10^/10

persistence imminent spyware trojan
- Imminent RAT
  Remote-access trojan based on Imminent Monitor remote admin software.
  trojan spyware imminent
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops desktop.ini file(s)
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

imminentpersistencespywaretrojan

© 2018-2025

Terms | Privacy